This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SSLVPN + Web Protection (browser authentication)

Hi there,

I'm usually using Web Protection in transparent mode + browser authentication. Works fine no issues here.

But, when connected through SSLVPN, i'm already authenticated to the UTM, the UTM knows with which user account i've logged on.
Although, even while SSLVPN authenticated, i'm asked to authenticate again at the Web Protection level again.

Is there any sort of authentication pass-through possibilities in such case?

Thanks.
m.

This thread was automatically locked due to age.

Parents

+1 BAlfson over 6 years ago

The short answer is no, Mokaz, but you could make a separate Web Filtering Profile with only the "mokaz (User Network)" object in 'Allowed Networks' and then not require auth in that Profile.

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel

Reply

+1 BAlfson over 6 years ago

The short answer is no, Mokaz, but you could make a separate Web Filtering Profile with only the "mokaz (User Network)" object in 'Allowed Networks' and then not require auth in that Profile.

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 Mokaz over 6 years ago in reply to BAlfson

Heya Bob,

Thanks for your answer. We'll have to try this.

One question though, what, how & when does one reach "Full Firewall Authentication" ? Because it seems to me that authenticating to the Web Protection Proxy is indeed just like authenticating to the Web Proxy and nothing else... I've also done some testings with WiFi Captive Portal which ended up to be pretty much the same, you're authenticated but *(User Network) has no effects..

And yes, i've read this =) https://community.sophos.com/products/unified-threat-management/w/utm-wiki/36/choosing-between-utm-authentication-technologies

Thanks,

Cheers,

m-
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 6 years ago in reply to Mokaz

With Active Directory, SSO and STAS, you can achieve "Full Firewall Authentication" - is that what you mean?

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel
0 Mokaz over 6 years ago in reply to BAlfson

Yep that is what i've meant.. So everything else is useless apart from where it stands pretty much..
Same applies to SSLVPN ?

It's funny, but after havin watched Twin Peaks, i'd never thought i'd say so, but well... Thanks Bob!!
Cancel
Vote Up 0 Vote Down

Cancel